oss-sec mailing list archives
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Mon, 28 Feb 2011 14:40:36 -0500
I'm not familiar with this code or any of the context surrounding this fix, but it appears to be an incomplete fix. Checking for existence of a symlink and then opening the resource leaves open a window during which a legitimate file can be replaced with a symlink. Also, I don't see a reason why a hard link couldn't be used for exploitation instead.

-Dan

2011/2/28 Helgi Þormar Þorbjörnsson <helgi () php net>:
> The lack of symlink checks in the PEAR installer 1.9.1 <= while doing installation and upgrades, which initiate various system write operations, can cause privileged users unknowingly to overwrite critical system files. Further information can be found in this temporary advisory http://pear.php.net/advisory-20110228.txt and the fixes can be found at http://news.php.net/php.pear.cvs/61264
>
> - Helgi
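The two weaknesses Dan raises, a check-then-open race and hard links bypassing an is-it-a-symlink test, can both be closed by letting the kernel do the symlink check at open time and by inspecting the descriptor that was actually opened. The following is an added illustration, not PEAR's code or the fix in the linked commit; it is written for POSIX systems, and the scratch files it creates are constructed for the demo.

```python
import errno
import os
import stat
import tempfile

def safe_open_for_write(path: str, mode: int = 0o644) -> int:
    """Return a writable fd for `path`, refusing symlinks and hard-link aliases.

    O_NOFOLLOW makes the kernel reject a symlink at the final path component
    during open itself, so there is no islink()-then-open window to race.
    The hard-link check uses fstat on the descriptor we hold, not a separate
    stat on the name; st_nlink == 1 means this inode has no other name.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW | os.O_CLOEXEC
    try:
        fd = os.open(path, flags, mode)
    except OSError as exc:
        # Linux and macOS report ELOOP for a symlink under O_NOFOLLOW; FreeBSD uses EMLINK.
        if exc.errno in (errno.ELOOP, errno.EMLINK):
            raise PermissionError(f"{path}: symlink, refusing to follow") from exc
        raise
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_nlink != 1:
            raise PermissionError(f"{path}: {st.st_nlink} links, possible alias of another file")
    except BaseException:
        os.close(fd)
        raise
    return fd

def demo() -> dict:
    """Constructed scenario: a plain file, a symlink to it, and a hard link
    to a second file, all inside a scratch directory. Returns each verdict."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        plain = os.path.join(d, "plain.txt")
        with open(plain, "w") as f: f.write("original\n")
        sym = os.path.join(d, "sym.txt")
        os.symlink(plain, sym)
        base = os.path.join(d, "base.txt")
        with open(base, "w") as f: f.write("other\n")
        hard = os.path.join(d, "hard.txt")
        os.link(base, hard)
        for name, p in (("plain", plain), ("symlink", sym), ("hardlink", hard)):
            try:
                os.close(safe_open_for_write(p))
                results[name] = "accepted"
            except PermissionError:
                results[name] = "refused"
    return results
```

Note that `st_nlink` is read after the open, so even a file replaced between a caller's earlier check and this call is judged by what was really opened.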